Dnsmasq using 50-100% of CPU after Comcast rolled IP address
-
Thursday Comcast rolled my IP address and I lost connectivity, so I rebooted my pfSense router running on an ALIX box. My router has been problem-free for months; however, since the reboot, dnsmasq is constantly using 50% to 100% of the ALIX CPU.
I have searched the forums but I couldn't find anything related because I have not changed the pfSense config in months, possibly years. I am running the 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:38 EST 2012.
I have attached a screenshot that clearly shows the spike in CPU usage and here is part of a top output - I rebooted recently to see if that would clear the problem.
last pid: 46361;  load averages: 0.63, 0.62, 0.63  up 0+05:54:04  13:27:00
40 processes: 2 running, 38 sleeping
CPU: 11.6% user, 1.6% nice, 31.4% system, 6.6% interrupt, 48.8% idle
Mem: 42M Active, 22M Inact, 36M Wired, 20K Cache, 34M Buf, 134M Free
Swap: 512M Total, 512M Free

  PID USERNAME THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
39254 nobody     1 105    0  5556K  2652K RUN    217:24 42.97% dnsmasq
13875 root       1  69    0 35532K 20992K accept   0:23  0.98% php
28904 root       1  44    0 35532K 20568K accept   0:50  0.00% php
  241 root       1  76   20  3408K  1152K kqread   0:15  0.00% check_reload_status
47764 root       1  76   20  3656K  1496K wait     0:10  0.00% sh
27075 root       1  64   20  3316K  1300K select   0:08  0.00% apinger
18425 root       1  44    0  4956K  2540K select   0:05  0.00% syslogd

Here is how dnsmasq is launched (should be stock):

# ps -ax | grep dns
37325 ?? Is 0:00.11 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d home -p /var/run/dnsmasq.pid -h /var/etc/hosts
39254 ?? R 214:29.86 /usr/local/sbin/dnsmasq --local-ttl 1 --all-servers --rebind-localhost-ok --stop-dns-rebind --dns-forward-max=5000 --cache-size=10000 --dhcp-hostsfile=/var/etc/hosts
Also, in case it helps, here are the hosts that dnsmasq loads from /var/etc/hosts
# cat /var/etc/hosts
127.0.0.1 localhost localhost.home
192.168.0.200 firewall.home firewall
192.168.0.102 imap.blacey.com imap
192.168.0.100 test.blacey.com test
192.168.0.2 bbl.home bbl
192.168.0.3 bblmbp.home bblmbp
192.168.0.6 laserjet1320.home laserjet1320
192.168.0.102 miniduo2.home miniduo2
192.168.0.103 miniduo1.home miniduo1
192.168.0.104 miniuni1.home miniuni1
192.168.0.105 nas4.home nas4
192.168.0.106 integra.home integra
192.168.0.107 pioneer-tv.home pioneer-tv
192.168.0.108 BBL-iPad.home BBL-iPad
192.168.0.109 eyefi.home eyefi
192.168.0.110 nas.home nas
192.168.0.111 nas2.home nas2
192.168.0.114 ds8.home ds8
192.168.0.115 vera.home vera
192.168.0.116 LagoonCam.home LagoonCam
192.168.0.117 DeckCam.home DeckCam
192.168.0.120 Sues-iPhone.home Sues-iPhone
192.168.0.121 BBLs-iPhone.home BBLs-iPhone
192.168.0.150 magicjack.home magicjack
192.168.0.201 guestroom-wap.home guestroom-wap
192.168.0.203 master-br-ape.home master-br-ape
192.168.0.215 vera2.home vera2
# dhpleases automatically entered
# dhpleases automatically entered
192.168.0.95 iPhone.home iPhone # dynamic entry from dhcpd.leases
192.168.0.72 BBLs-iPhone.home BBLs-iPhone # dynamic entry from dhcpd.leases
192.168.0.87 AppleTV.home AppleTV # dynamic entry from dhcpd.leases
192.168.0.80 switch4E3677.home switch4E3677 # dynamic entry from dhcpd.leases
192.168.0.56 EPSONAA4610.home EPSONAA4610 # dynamic entry from dhcpd.leases
192.168.0.83 TIVO-6520001803CD6B8.home TIVO-6520001803CD6B8 # dynamic entry from dhcpd.leases
And finally, here is the dnsmasq section from my config.xml file.
<dnsmasq>
  <enable>
    <hosts>
      <host>imap</host>
      <domain>blacey.com</domain>
      <ip>192.168.0.102</ip>
    </hosts>
    <hosts>
      <host>test</host>
      <domain>blacey.com</domain>
      <ip>192.168.0.100</ip>
    </hosts>
    <regdhcp><regdhcpstatic></regdhcpstatic></regdhcp>
  </enable>
</dnsmasq>
I would appreciate any pointers that you can provide.
Thanks,
Bruce
-
Do you have anything making dnsmasq work hard - perhaps a virus issuing lots of DNS requests? A packet capture on appropriate pfSense interfaces filtering on port 53 might show up something "interesting".
-
Thanks for the tip - I think you might have shed light on the culprit.
Now, I just need to see what the root cause is on host 192.168.0.2. Anyone aware of a Mac OS X virus that hammers DNS?
-
Well, the first thing I would do is sniff a few packets and see what it's looking for.
Next thing I would do is block it from talking to you or anything on tcp/udp 53 until you track down what it is.
-
There wasn't anything particularly interesting about the DNS lookups and a reboot of the Mac OS X box seems to have solved the problem.
Thanks for all your help and I will definitely keep an eye on it.
-
Just to close out the issue, all seems to be back to normal with respect to CPU usage - see the attached System CPU graphs.
Thanks again for your help!
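
The check suggested in this thread, a capture on port 53 to find which client is keeping dnsmasq busy, written out as an added example that is not part of any post above: it parses capture lines in the low-detail `IP src.port > dst.port: UDP, length N` text form and reports clients whose query rate to the resolver exceeds a threshold. The addresses, thresholds, function names and sample capture are constructed for illustration.

```python
import re
from collections import defaultdict

# Low-detail capture line: "HH:MM:SS.uuuuuu IP src.port > dst.port: UDP, length N"
PKT = re.compile(
    r"(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)"
)


def parse(line):
    """Return (ts_us, src, sport, dst, dport, length), or None if the line does not match."""
    m = PKT.search(line)
    if not m:
        return None
    h, mi, s, us, src, sport, dst, dport, length = m.groups()
    ts_us = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
    return ts_us, src, int(sport), dst, int(dport), int(length)


def noisy_dns_clients(lines, resolver, min_queries=50, min_qps=20.0):
    """List clients sending at least min_queries to resolver:53 at min_qps or faster.

    Both thresholds are illustrative assumptions; tune them to the network.
    Timestamps are time-of-day only, so a capture spanning midnight is not handled.
    """
    stats = defaultdict(lambda: {"n": 0, "first": None, "last": None, "ports": set()})
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue
        ts, src, sport, dst, dport, _length = pkt
        if dst != resolver or dport != 53:
            continue  # count queries only, not the resolver's replies
        st = stats[src]
        st["n"] += 1
        st["first"] = ts if st["first"] is None else min(st["first"], ts)
        st["last"] = ts if st["last"] is None else max(st["last"], ts)
        st["ports"].add(sport)

    report = []
    for src, st in stats.items():
        span_us = st["last"] - st["first"]
        qps = (st["n"] - 1) * 1_000_000 / span_us if span_us > 0 else 0.0
        if st["n"] >= min_queries and qps >= min_qps:
            report.append({
                "client": src,
                "queries": st["n"],
                "qps": round(qps, 1),
                # A single source port across many queries points at one
                # process retrying in a loop rather than many applications.
                "src_ports": len(st["ports"]),
            })
    return sorted(report, key=lambda r: r["qps"], reverse=True)


def _line(offset_us, src, sport, dst, dport, length):
    sec, us = divmod(offset_us, 1_000_000)
    return f"14:00:{sec:02d}.{us:06d} IP {src}.{sport} > {dst}.{dport}: UDP, length {length}"


def constructed_capture():
    """Constructed sample: one client in a tight query loop, one ordinary client."""
    resolver, lines = "10.0.0.1", []
    for i in range(200):  # 200 queries, 1.5 ms apart, same source port
        lines.append(_line(i * 1500, "10.0.0.20", 50000, resolver, 53, 53))
        lines.append(_line(i * 1500 + 300, resolver, 53, "10.0.0.20", 50000, 181))
    for i in range(5):  # 5 queries, 50 ms apart, a new source port each time
        lines.append(_line(i * 50_000 + 700, "10.0.0.30", 40000 + i, resolver, 53, 40))
    return lines


if __name__ == "__main__":
    for row in noisy_dns_clients(constructed_capture(), "10.0.0.1"):
        print(row)
```
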